Ransomware Claims in Decline?

Q4 2021 Risk Insights Index for Cyber & Technology E&O

Last week Corvus Insurance released its quarterly report on cyber risk trends in the insurance and technology industries. The Q4 2021 Risk Insights Index for 2021 Q4 for Cyber & Technology E&O (Errors & Omission Insurance) identifies a number of notable trends worthy of further discussion, maybe none more so than the recent ransomware trends Corvus says provide “some cause for optimism”. Among these optimistic trends are the steady decline in ransomware payments over the last 5 quarters (down to 12% in Q3 2021 from 44% in Q3 2020) and the 50% drop in ransomware incident frequency over a single quarter (down to 0.30% in Q2 2021 from 0.58% in Q1 2021).

Ransomware Payments Steadily Decline Over Last 5 Quarters

Corvus reports that despite criminals’ best efforts to double extort victims and increase leverage, ransom payments are on the decline primarily as a result of organizations being more prepared and better equipped to handle ransomware, citing improved system backup strategies as the most significant factor in enabling organizations to deny ransom payments with confidence.

Ransomware Claims drop by 50% from Q1 to Q2 of 2021

As shown in the chart below, the report details a steady growth in ransomware-related cyber insurance claims from Q2 2020 through Q1 2021, but reports a nearly 50% drop in claims by Q2 2021, which for the most part continued through Q3 as well. The percentage of ransoms paid has decreased by 50% in the third quarter of 2021.

As shown in the chart below, the report details a steady growth in ransomware-related cyber insurance claims from Q2 2020 through Q1 2021 but reports a nearly 50% drop in claims by Q2 2021, which for the most part continued through Q3 as well.

The True Cost of Ransomware Recovery

The report goes on to break down the true cost of ransomware recovery, showing a year-over-year comparison of 2019 and 2020. While 2020 saw an increase in the cost of the ransom payments themselves as well as the costs associated with breach response, business interruption(BI) costs were on the decline. According to Corvus, these trends are “mostly due to improved preparedness and resiliency on the part of organizations, allowing for breach response professionals to handle ransomware situations efficiently and get companies back online faster.”

Recent Ransomware Trends A Cause For Optimism?

All in all, the ransomware trends in this report are overwhelmingly positive, even more so when put into context with the unprecedented ransomware threats that defined 2020. Michael Hill at CSO Magazine spoke with various people in the cyber insurance industry, and all were hopeful that these trends signaled the start of a new era, where cyber insurance companies work alongside cyber security services to minimize exposure to ransomware attacks for policyholders by initiating risk management strategies.

While it’s certainly easy to feel optimistic about these latest insights, they do beg the question, are these trends actually the result of increased preparedness and resiliency among organizations with cyber insurance or is that just wishful thinking? Jake Williams has been quoted extensively on all the factors that might have led to the decrease.  While we are hopeful that the drop in ransomware-related cyber insurance claims is based on the increased security posture of our clients, we do want to urge caution.